We are working on SSL in gibber and now we need a way to send/receive certificates and to send the private key to the cm.
At the moment, my only idea is:

- The user certificate is passed as a connection parameter to RequestConnection().
- When the connection is established with the server (of course not in salut), the cm emits CertificateReceived(handle, cert_type, cert) with handle set to 0. The client can verify the certificate and drop the connection if something is wrong.
- For end-to-end encryption, the cm emits CertificateReceived() when beginning a communication with a peer with the handle of the peer as first argument. The actual verification of the certificate (maybe with user input) is left to the client.

This solution has a number of problems:

- How should I pass the private key to the cm? Is it a problem to pass it on dbus (it could be easily sniffed using dbus-monitor)?
- What to do if I don't have access to the private key (e.g. smart card readers)?
- In the case of a connection to a server I need to pause the connection process until the client has verified the server's certificate, to avoid sending the password to an untrusted server.
- We need a ListSupportedCertificates() method to know the supported certificate types: X.509, PGP, etc.

Any better idea? Suggestions?

--
Marco Barisione
http://www.barisione.org/
_______________________________________________
Telepathy mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/telepathy
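
The pause-until-verified flow proposed in the message above, as an added example that is not part of the original post or of Telepathy's code: a toy connection manager holds the password until the client has answered its CertificateReceived signal. The accept_certificate/reject_certificate methods, the state names, the fingerprint-pinning policy and all sample values are assumptions made for illustration; a real cm would deliver the signal asynchronously over D-Bus.

```python
import hashlib
from enum import Enum

class State(Enum):
    AWAITING_VERIFICATION = 1
    AUTHENTICATED = 2
    DISCONNECTED = 3

class ToyConnectionManager:
    """Stand-in for the cm: no real D-Bus or TLS, just the gating logic."""

    def __init__(self, password, on_certificate_received):
        self._password = password
        self._emit = on_certificate_received  # models the CertificateReceived signal
        self.state = State.DISCONNECTED
        self.sent_to_server = []  # everything that would go on the wire

    def handshake_done(self, cert_type, cert):
        # Pause before authentication: nothing secret leaves until the client answers.
        self.state = State.AWAITING_VERIFICATION
        self._emit(self, 0, cert_type, cert)  # handle 0 means "the server"

    def accept_certificate(self):  # hypothetical method, not in the proposal
        if self.state is not State.AWAITING_VERIFICATION:
            raise RuntimeError("no certificate is pending")
        self.sent_to_server.append(("password", self._password))
        self.state = State.AUTHENTICATED

    def reject_certificate(self):  # hypothetical method, not in the proposal
        if self.state is not State.AWAITING_VERIFICATION:
            raise RuntimeError("no certificate is pending")
        self.state = State.DISCONNECTED  # dropped; the password was never sent

def pinning_client(pinned_sha256):
    """Client-side policy (an assumption): accept only a pinned X.509 fingerprint."""
    def on_certificate_received(cm, handle, cert_type, cert):
        fingerprint = hashlib.sha256(cert).hexdigest()
        if handle == 0 and cert_type == "X.509" and fingerprint == pinned_sha256:
            cm.accept_certificate()
        else:
            cm.reject_certificate()
    return on_certificate_received

def connect(presented_cert, pinned_cert, password="constructed-password"):
    # Both certificates are constructed byte strings, not real DER data.
    pin = hashlib.sha256(pinned_cert).hexdigest()
    cm = ToyConnectionManager(password, pinning_client(pin))
    cm.handshake_done("X.509", presented_cert)
    return cm.state, cm.sent_to_server
```
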
